testing, bug-hunting, and finding exploits

700 posts in and many of the most annoying problems with this board have been resolved.

the vast majority of vanillaforums usability and aesthetic shortcomings have been addressed by two members, @nrglg and @asterelle. they have combined their efforts and packaged their auto-updating css and javascript improvements into a tampermonkey/stylish script that can be found here. go there and check it out. you won't be sorry.

this forum is super light on user preferences! i also see a link for 'followed categories', yet no way to specify any category as such. i think 'followed' may mean 'unhidden forums'. too bad i can't actually hide an entire category. or better yet, simply whitelist a category.

Okay, this system is just downright vulnerable. Look, I covered up the flag and quote with my signature. Now imagine if instead of having what I wrote there, I mimicked the forum style "Flag" and "Quote" and then proceeded to have them do something malicious when the user clicked on them. This is what I would call a low-level XSS vulnerability (much like a phishing-style attack). It's not as bad as the usual ones involving js, but it's nothing to ignore.

EDIT: Ok, so embedding flash into the sig didn't work. need to try something else.

EDIT/EDIT: ok, turns out my code was archaic and the host site I had listed doesn't exist anymore. That's what I get for ripping data from a site I haven't used in a few years.

Final Edit: did something MUCH more simple. OMG. It doesn't show on the page, but will when you quote me. HAHAHAHAHAHAHAHAHAAA

i have found that i can sorta 'subscribe' to threads by bookmarking them, but there is never any indication that there is a new post, nor is there any way to jump to the first unread post in the thread.

i don't see any way to ignore users...

man this board is really starting to look like a board a company adopts if they don't want their customers using the forum.

Good grief...and here I was thinking the HTML/CSS function was limited because I couldn't even get the link color to change in my signature. I was trying to change the shade of blue to look more like my sig pic, and it would reject the font coding (as in, strip it out entirely every time I tried to save it that way). Which begs the question of why signatures are so much more tightly restricted yet in the bodies of posts, people can do all of this stuff.

Christian Gaming Community Fleets--Faith, Fun, and Fellowship! See the website and PM for more. :-) Proudly F2P. Signature image by gulberat. Avatar image by balsavor.deviantart.com.

dabelgrave said:
gulberat said:
Good grief...and here I was thinking the HTML/CSS function was limited because I couldn't even get the link color to change in my signature. I was trying to change the shade of blue to look more like my sig pic, and it would reject the font coding (as in, strip it out entirely every time I tried to save it that way). Which begs the question of why signatures are so much more tightly restricted yet in the bodies of posts, people can do all of this stuff.
Yeah, the css restriction in sigs bothered me too.
On the other hand, in light of all of this stuff, might it not be a sensible step for PWE to implement those limits on forum posts? I mean, I can live with my link and text not being exactly the right nitpicky color.

gulberat said: On the other hand, in light of all of this stuff, might it not be a sensible step for PWE to implement those limits on forum posts? I mean, I can live with my link and text not being exactly the right nitpicky color.

I can adapt.

CSS inserted into my post gets stripped if I toggle the html view. However, it does not get stripped if I hit the Preview button. I'll have to test if something like that is affecting sigs.
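
The limit discussed above (signatures get their CSS stripped, post bodies do not) can be expressed as one allowlist filter for inline `style` values. This is an added example, not code from the thread or from the forum software; the function name, the property list, and the value patterns are assumptions chosen for illustration, and the sample inputs are constructed.

```javascript
// Added example (not the forum's code): allowlist filter for inline style text.
// Only the properties below survive, and only with values matching the pattern.
// The property list and patterns are assumptions for illustration.
const COLOR = /^(#[0-9a-f]{3}|#[0-9a-f]{6}|[a-z]{3,20})$/;
const ALLOWED = {
  "color": COLOR,
  "background-color": COLOR,
  "font-weight": /^(normal|bold|[1-9]00)$/,
  "font-style": /^(normal|italic)$/,
  "text-decoration": /^(none|underline|line-through)$/,
  "text-align": /^(left|right|center)$/,
};

// Returns the cleaned style string plus the declarations that were dropped,
// so a moderation log can record what a post or signature tried to set.
function sanitizeStyle(styleText) {
  const kept = [];
  const dropped = [];
  for (const raw of String(styleText).split(";")) {
    const decl = raw.trim();
    if (decl === "") continue;
    const idx = decl.indexOf(":");
    const prop = idx < 0 ? "" : decl.slice(0, idx).trim().toLowerCase();
    const value = idx < 0 ? "" : decl.slice(idx + 1).trim().toLowerCase();
    // hasOwnProperty guards against names such as "constructor" or "__proto__".
    const known = Object.prototype.hasOwnProperty.call(ALLOWED, prop);
    // Anything not matched exactly is dropped: positioning, url(), comments,
    // escapes and !important never fit the strict value patterns.
    if (known && ALLOWED[prop].test(value)) kept.push(`${prop}: ${value}`);
    else dropped.push(decl);
  }
  return { style: kept.join("; "), dropped };
}

// Constructed sample: styling that would lift content over nearby controls.
const overlaySample =
  "position: absolute; top: -40px; right: 0; z-index: 9999; background-color: #fff";
// Constructed sample: the harmless link recolouring a signature might want.
const sigSample = "COLOR: #3b6ea5; font-weight: bold";

console.log(sanitizeStyle(overlaySample));
console.log(sanitizeStyle(sigSample));
```

The same function has to run on every path that stores or renders user markup (save, Preview, the html-view toggle, posts and signatures alike); otherwise whichever path skips it decides what reaches other readers.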